Web server

From SpinetiX Support Wiki


Introduction

The HMP can communicate via the HTTP protocol with web servers and retrieve content from them. The most common web servers are Apache and Microsoft IIS, but other products can be used as well as long as they are HTTP compliant.

Content server

Any web server, with or without support for the WebDAV protocol, can be used as a content server, whereby the HMP is instructed to pull multiple files or an entire project from it. This is useful for large setups involving a centralized server, or whenever it is not possible to push content directly to the player (for instance, due to firewall / NAT usage).

Protocols

The HMP supports accessing remote resources via HTTP and HTTPS.

Other protocols like FTP, NFS or SMB/CIFS are not supported.

Authentication

Supported authentication methods

The HMP supports the following methods for connecting to servers requiring authentication:

  • Basic access authentication
    HTTP Basic authentication (BA) implementation is the simplest technique for enforcing access controls to web resources because it doesn't require cookies, session identifiers, or login pages; rather, HTTP Basic authentication uses standard fields in the HTTP header, obviating the need for handshakes. The BA mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically preferred over or used in conjunction with Basic Authentication.
  • Digest access authentication
    Digest access authentication is one of the agreed-upon methods a web server can use to negotiate credentials, such as username or password. It applies a hash function to the username and password before sending them over the network. In contrast, basic access authentication uses the easily reversible Base64 encoding instead of encryption, making it non-secure unless used in conjunction with SSL. Technically, digest authentication is an application of MD5 cryptographic hashing with usage of nonce values to prevent replay attacks. It uses the HTTP protocol.
  • NTLM (added in firmware 3.2.0)
    NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is a challenge-response authentication protocol which uses three messages to authenticate a client in a connection oriented environment (connectionless is similar), and a fourth additional message if integrity is desired.
    NTLM is supported only over secured HTTP connections. Note that NTLM is an insecure protocol when not over SSL.
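
The difference between the first two methods can be seen on the wire. The following is an added example, not SpinetiX code: it rebuilds a Basic header, recovers the credentials from it as any on-path observer could, and computes a Digest response as defined in RFC 2617 (MD5, qop=auth). The usernames, passwords and nonce are the sample values from the RFCs, not HMP settings.

```python
import base64
import hashlib


def basic_header(user, password):
    """Authorization value a client sends for Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_basic(header):
    """Recover user and password from a captured Basic header (no key needed)."""
    scheme, token = header.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 'response' value for algorithm=MD5 with qop=auth."""
    ha1 = _md5(f"{user}:{realm}:{password}")  # secret part, never sent
    ha2 = _md5(f"{method}:{uri}")             # binds the response to the request
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


# Sample values from RFC 2617 section 3.5 (not real credentials).
SAMPLE = dict(user="Mufasa", realm="testrealm@host.com",
              password="Circle Of Life", method="GET", uri="/dir/index.html",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    hdr = basic_header("Aladdin", "open sesame")
    print("Basic header :", hdr)
    print("Recovered    :", recover_basic(hdr))
    print("Digest reply :", digest_response(**SAMPLE))
    # A new server nonce yields a different reply, so a captured one cannot be replayed.
    fresh = dict(SAMPLE, nonce="0123456789abcdef0123456789abcdef")
    print("Fresh nonce  :", digest_response(**fresh))
```

Digest keeps the password itself off the wire, but it does not encrypt the content being fetched, so HTTPS is still the way to protect both.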

Credentials configuration

The credentials to be used by the player when accessing resources from remote servers requiring authentication are configured from:

Non-supported authentication methods

Other authentication methods like Kerberos, Integrated Windows Authentication, SPNEGO or FORM based are not supported.

  • Many Microsoft-based web services including SharePoint and Exchange are set to use Integrated Windows Authentication by default; this setting must be changed site-wide.
  • See these security considerations for reasons why using FORM based authentication with the HMP is not a good idea.

Technical notes

  • For reasons of stability, when retrieving content from a web server, the HMP uses a partial GET, using the HTTP Range header to request the first 512kb of the file. Some older or wrongly configured servers do not understand this request and return a 500 "Internal Server Error". The HMP will then retry the request for the entire file. For this reason, when using a server which reacts like this, the resources.log may include 500 errors even though the data is displayed successfully. To remove the errors, the issue should be addressed on the server.
  • Microsoft IIS does not serve SVG files by default. If you find the resources.log file filled with 404 errors, but you are certain that the file exists on the web server, then you may need to configure IIS by adding the SVG MIME type. For more information see this Microsoft Technet article.

This page was last modified on 6 April 2016, at 12:20.